Registration

[TimFA]

I tried and tried with databases they just don't wanna work for me. Anyways, I was attempting to find a way to edit login.php to recognize more users/pass', i.e. a registration. I worked at it for a while with no luck, I've done something wrong I'm just not sure what. Someone might get after me for not using DBs or flat files (text, since I guess PHP is flat), but oh well. Please just tell me what I've screwed up.

Code:

$user=$_POST['user'];
$pass=$_POST['pass'];
$email=$_POST['email'];
$data2="elseif(\$user==\"$user\" && \pass==\"$pass\") {
session_start();
\$_SESSION['user']='$user';
\$_SESSION['pass']='$pass';
\$_SESSION['logged']='yes';
\$_SESSION['email']='$email';

else {";

$data=fopen("","r+");
$data3=str_replace("else {", $data2, $data);

fwrite($data, $data3);

fclose($data);

print("dfg");

You can visit the form here:
The print was simply a confirmation that it was working, since its not printing I'd guess theres a syntax error.

Thanks,
Tim

edit: and as you may have guessed, the little "What color is behind" thing isn't doing jack right now so you don't need to answer it.

[TimFA]

Ok, its printing it out but not changing login.php.

[Master_script_maker]

you can't change the file that the server is running

[TimFA]

It isn't running login.php at the moment. That file is inactive, even if I would run into problems later I don't care right now. If the error still lies in that, then explain what "running" is. The file register.php is supposed to make the changes not login.php.

[thetestingsite]

This line,

Code:

$data=fopen("http://fassist.profusehost.net/test/phpscripts/login.php","r+");

change to a relative path to login.php.

Hope this helps.

[TimFA]

Well, it did SOMETHING atleast. This is my output:

Code:

Resource id #1_POST['user'];
$pass=$_POST['pass'];
$redir="<head>
<script language=\"JavaScript\">
var time = null
function move() {
window.location = 'http://fassist.profusehost.net/'
}
</script>
</head>
<body  onload=\"timer=setTimeout('move()',1)\">
</body>";
$rediralt="<head>
<script language=\"JavaScript\">
var time = null
function move() {
window.location = 'http://fassist.profusehost.net/'
}
</script>
</head>
<body  onload=\"timer=setTimeout('move()',2000)\">
<div
style=\"width:100%;font-family:arial;font-size:10pt;text-align:center;\">
Login failed, please try again.
</div>
</body>";

if($user=="xxxxxxx" && $pass=="xxxxxx") {
session_start();
$_SESSION['user']='xxxxxx';
$_SESSION['pass']='xxxxxx';
$_SESSION['email']='admin@fassist.profusehost.net';
$_SESSION['logged']='yes';

print("$redir");
}

elseif($user=="xxxxxx" && $pass=="xxxxxx") {
session_start();
$_SESSION['user']='xxxxx';
$_SESSION['pass']='xxxxx';
$_SESSION['logged']='yes';
$_SESSION['email']='xxxxxxxxxxxxx';

print("$redir");
}

else {
print("$rediralt");

?>

Please note that both entries already in the above script I had in place already, the x's are to blank out user/pass. As you can see it removed the <?php and put in some "Resource" garbage. WTH.

[thetestingsite]

Just as a test, try doing this in place of fwrite:

Code:

$user=$_POST['user'];
$pass=$_POST['pass'];
$email=$_POST['email'];
$data2="elseif(\$user==\"$user\" && \$pass==\"$pass\") {
session_start();
\$_SESSION['user']='$user';
\$_SESSION['pass']='$pass';
\$_SESSION['logged']='yes';
\$_SESSION['email']='$email';

else {";

$data=fopen("phpscripts/login.php","r+");
$data3=str_replace("else {", $data2, $data);

echo htmlentites($data3);
//fwrite($data, $data3);

fclose($data);

print("dfg");

If it outputs something like Resource_id #1, then it is an issue with the fopen command and you may need to choose a different mode or recode it to read the file, then rewrite the file.
Hope this helps.

Edit: Also, in your $data2 string, you are missing the part in red. You may want to add it so that the script will work after you get the writing to the file part worked out.

[TimFA]

Now it doesn't do anything, was I supposed to keep the //fwrite() or not.

[thetestingsite]

Yes, all the // does is comment out that line. As for the script not showing anything, that's odd. I will have to play around with this and let you know unless someone else can figure it out in the meantime.

[TimFA]

Could this be the culprit?

htmlentities